如何执行JOIN在相同指数elasticsearch操作JOIN操作?如何执行elasticsearch
这是FOW每个文件组领域:
"@version": "1",
"@timestamp": "2016-04-26T15:56:05.379Z",
"phone": "..."
"path": "...",
"host": "...",
"type": "...",
"clientip": "...",
"ident": "-",
"auth": "-",
"timestamp": "...",
"verb": "...",
"uripath": "...",
"httpversion": "1.1",
"response": "200",
"bytes": "515",
"timetaken": "383",
"event_type": "type1"
}
如果我会得到电话的有(EVENT_TYPE的TYPE1文件,时间戳DATE1之间和DATE2)和(TYPE2的EVENT_TYPE, 时间戳 DATE3和
之间date4)在MySQL的思维是两种观点
之间的连接
从文档它说,“dis_max”功能,可以在这里使用。你有过这个吗? –